Question

For a limited time, we have to serve the same Tomcat 6 web application from two different domain names. Both domains need to be served over HTTPS. Is it technically possible to serve different certs for the same app using connectors (or another method)?

The other option (which we are trying to avoid) is to handle the cert delivery upstream of the application.

TIA,

Geoff

Solution

There are 3 ways to do this:

  1. Get 2 IPs for the same host and set up 2 connectors, each bound to one IP. This is the cleanest solution.

  2. Get a cert with SAN (Subject Alternative Name). This is basically a cert with 2 hostnames. Some really old browsers and Java 1.5 and earlier don't support SAN.

  3. Another way to use 2 certs on the same IP is to use the SNI (Server Name Indication) extension of TLS. Unfortunately, this is not supported by JSSE. If you can run an Apache httpd in front of the Tomcat, you can use this feature.
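A configuration sketch of option 1, added here as an example and not part of the original answer: two JSSE HTTPS connectors in the same Tomcat 6 `<Service>`, each bound to its own IP and loading its own keystore. The IP addresses, hostnames, keystore paths and passwords are placeholders.

```xml
<!-- conf/server.xml, inside the existing <Service name="Catalina"> element.
     All addresses, paths and passwords below are placeholders. -->

<!-- Connector for the first domain (e.g. www.example.com), bound to the first IP -->
<Connector address="192.0.2.10" port="443"
           protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/path/to/first-domain.jks"
           keystorePass="CHANGE_ME_1"
           maxThreads="150" />

<!-- Connector for the second domain (e.g. www.example.org), bound to the second IP -->
<Connector address="192.0.2.11" port="443"
           protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/path/to/second-domain.jks"
           keystorePass="CHANGE_ME_2"
           maxThreads="150" />

<!-- Both connectors feed the same <Engine>, so the one deployed web
     application answers on both addresses. Without the address attribute
     a connector listens on all local IPs, and the two would then collide
     on port 443. -->
```

Each domain's DNS record has to point at the IP whose connector holds that domain's certificate. `keystorePass` is stored in plaintext, so read access to `server.xml` and the keystore files should be limited to the account Tomcat runs as.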

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow